Problem is, even if DDG would be hosted in, say, Europe, the NSA would still be able to snoop on the traffic. As has been recently revealed, the German BND may siphon off up to 20% of the traffic at DE-CIX (Internet exchange in Frankfurt) and on average siphons off 5% [1]. The BND closely cooperates with the NSA. As we've seen in the last couple of weeks, Europe is basically a US colony and Germany in particular is not a true sovereign state. [2] What to do? Host in Russia, Latin America?
(Disclosure: I am German and DDG is my default search engine.)
A foreign intelligence agency like the NSA actually needs less of a legal framework to spy on a foreign company as opposed to a domestic one. It's sort of the whole point of a foreign intelligence agency, not respecting the laws of other countries.
Well, yes. But let's get back to the point of the original post in this thread.
There are two problems: 1) we can't trust the networks that our data travels over and 2) we can't trust US-based companies with our data. The first problem is fairly easily dealt with (encrypt and authenticate), while the second one is much worse. A company based in a country that does not have laws enabling agencies to snoop on and prevent the disclosure of said snooping would automatically be more trustworthy than any US-based company.
> A company based in a country that does not have laws enabling agencies to snoop on and prevent the disclosure of said snooping would automatically be more trustworthy than any US-based company.
The ultimate irony is that by using providers in a country that spies and is unwilling to admit, over a country that spies and is willing to admit, is that you're forgoing the "trustworthy" spying country in favor of the "untrustworthy" spying country.
You know the US spies. How much do you really know about the ones that are staying nice and quiet right now?
I didn't realize secrecy equated with trustworthiness.
How about a country which doesn't spend trillions on spying and thys probably doesn't have capacities anywhere close to those of the US, secret or not.
It may be "worse" in a variety of senses, like political tenability, but the solution is simple: bring data given to third parties under the 4th Amendment, which is the entire underpinning of companies being able to give your packets to the government willy-nilly. Well, not willy-nilly, the government pays for the privilege.
The problems with passing a privacy law that attaches to data given to third parties, like is done in many countries with higher standards of living than the US, are not the citizens' problems. Political tenability is a problem for politicians, but that is of zero consequence. If the populace wants (for some measurable quantity of want) this to happen, politicians will either make it happen or lose their careers or lose their heads to pikes (as has happened throughout history). However, politicians are counting on people having low self-esteem and taking "no" for an answer. It's not the citizen's duty to be cowed by their laziness and bad hearts, though.
I do not think (1) is solved with cryptography because you can spy on the traffic flow and the route and timing of the connections give extra information. To overcome this we need extra measures.
> A foreign intelligence agency like the NSA actually needs less of a legal framework to spy on a foreign company as opposed to a domestic one. It's sort of the whole point of a foreign intelligence agency, not respecting the laws of other countries.
That's why the NSA has links to UK and Australian intelligence agencies. They can "share" intelligence (as in, let the other guys spy on their people). I wouldn't be surprised if the NSA didn't have people on sequester to foreign agencies, but still based in the US, doing nothing but spying on US citizens and passing the information to the NSA (plus giving a few tidbits to the foreign agency, to justify the sequester); as a legal loophole.
Actually a company based out of US jurisdiction and using TLS certs should be "safe" to use assuming they don't voluntarily share your info with any governments. It is expo exponentially harder to compel a country to compel a company to give up info.
Or you an use Off The Record Messaging which has perfect forward secrecy.
If they can get direct access to the DDG servers, then it doesn't matter if they can siphon off traffic at the ISP level. They can just access the data.
But wouldn't that require constant access to the server, whereas the key they could steal once with short access to server and use until it expires without the victim noticing?
My understanding is that if they're using Perfect Forward Security it doesn't matter, because unless you're modifying the traffic in flow (which is much harder to do secretly) then it doesn't matter if someone-else has the private key, they won't be able to decrypt the data in any case.
I'm no expert in PFS in TLS, but there are various key-agreement protocols that allows parties to establish a secure key over an insecure channel.
I believe the way PFS works is that it uses RSA to verify identity and then Diffie-Hellman to establish keys.
If you're only able to passively intercept data (i.e. you can't impersonate the server and MITM) then you're unable to discover what the key established by DH is.
(incidentally nonces are generally only relevant for preventing replay attacks; the nonce doesn't play a part in passive defence)
Https doesn't have to terminate at the server doing the work. A feed splitter could be put between the https termination and the engine room. If ddg were compelled to do this, it's entirely possible to do so without giving up the cert.
(Disclosure: I am German and DDG is my default search engine.)
[1] http://h-online.com/-1909989
[2] http://sz.de/1.1717216